panic() in a web serving route (e.g. signupPage here) is bad practice - an error will bring down your web server. Panics should be reserved for errors that invalidate your system, e.g. missing view assets or db connection on system startup.
I'm not familiar with how the DB classes work (and I guess what counts as a function "ending"). Since `db.Close()` is deferred, is there a mysql connection open for as long as the web server is open in this case?
The main() function doesn't "end" until the web listener is stopped, correct?
Yes, that's correct. `http.ListenAndServe()` doesn't return until the web listener is stopped.
This is actually the intended usage of `sql.Open()`: https://golang.org/pkg/database/sql/#Open (it maintains its own connection pool and is safe for concurrent use)
Whilst I am always grateful for new tutorials, I think this is a special case where the author should have gone the extra mile and talked about salting and maybe even about hashing the password client side.
Security-related tutorials should not skip steps, even if only to mention the more advanced of them.
The DB: because there's an internal goroutine-safe connection pool, so you want it to either be global, or exist in the server singleton (i.e. global).
The err: because they use it so frequently, easier to define it once and simply assign to it multiple times than try and track if it's already been defined per block of code.
Personally, I prefer to use distinct error variables for each error which can be thrown, but either method is idiomatic.
taspeotis | 9 years ago
1) ignore an error, if any? And then
2) ignore hashPassword and just insert the non-hashed password into the database?
It looks like if someone follows along from home they'll get a syntax error from "usrname" but let's say they fixed that...
The code at the bottom of the article doesn't seem to suffer from the latter issue, but still suffers from the former.
afghanPower | 9 years ago
edit: Otherwise, great read! Hoping for more.
lllorddino | 9 years ago
jtruk | 9 years ago
Much better to http.Redirect/5xx.
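An added example, not part of the thread or of the tutorial it discusses: a signup handler that covers two points raised here, answering request-time failures with a 5xx instead of calling panic(), and checking the hashing error so the unhashed password is never stored. `Hasher`, `Inserter`, `SignupHandler` and `Signup` are hypothetical names; the hasher stands in for the tutorial's password-hashing call and the inserter for an INSERT through the shared `sql.DB` pool.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Hasher and Inserter are hypothetical seams: stand-ins for the hash call and the *sql.DB insert.
type Hasher func(password string) (string, error)
type Inserter func(username, passwordHash string) error

// SignupHandler answers request-time failures with a 5xx instead of panic() and stores only the hasher's output.
func SignupHandler(hash Hasher, insert Inserter) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		username, password := r.FormValue("username"), r.FormValue("password")
		if username == "" || password == "" {
			http.Error(w, "username and password required", http.StatusBadRequest)
			return
		}
		hashed, err := hash(password)
		if err == nil { // the hashing error is checked; there is no plaintext fallback
			err = insert(username, hashed)
		}
		if err != nil {
			log.Printf("signup failed: %v", err) // details go to the server log only
			http.Error(w, "internal server error", http.StatusInternalServerError)
			return
		}
		http.Redirect(w, r, "/", http.StatusSeeOther)
	}
}

// Signup posts constructed form data to a handler and returns the status code.
func Signup(h http.Handler, user, pass string) int {
	form := url.Values{"username": {user}, "password": {pass}}.Encode()
	req := httptest.NewRequest(http.MethodPost, "/signup", strings.NewReader(form))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fail := func(string) (string, error) { return "", fmt.Errorf("constructed hash failure") }
	fmt.Println(Signup(SignupHandler(fail, func(string, string) error { return nil }), "alice", "pw"))
}
```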
lllorddino | 9 years ago
fideloper | 9 years ago
stygiansonic | 9 years ago
andmarios | 9 years ago
rimantas | 9 years ago
insertnickname | 9 years ago
falcolas | 9 years ago
avinassh | 9 years ago
arien | 9 years ago